CVE-2005-0759
CVSS 5.0
Published: 2005-03-23 00:00:00
Last revised: 2010-08-21 00:26:58

[Original] ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag.


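[CNNVD] ImageMagick denial-of-service vulnerability (CNNVD-200503-130)

        Remote attackers can use a TIFF image with an invalid tag to cause a denial of service (application crash) in ImageMagick versions before 6.0.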

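- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interruptions in resource availability]
Attack complexity: LOW [no access restrictions on exploiting the vulnerability]
Attack vector: [--]
Authentication: NONE [no authentication required to exploit the vulnerability]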

- CPE (affected platforms and products)

cpe:/a:imagemagick:imagemagick:5.4.4.5 ImageMagick 5.4.4.5
cpe:/a:sgi:propack:3.0 SGI ProPack 3.0
cpe:/a:imagemagick:imagemagick:5.3.3 ImageMagick 5.3.3
cpe:/a:imagemagick:imagemagick:5.5.7 ImageMagick 5.5.7
cpe:/a:imagemagick:imagemagick:5.4.8 ImageMagick 5.4.8
cpe:/a:imagemagick:imagemagick:5.5.6.0_2003-04-09 ImageMagick 5.5.6.0 2003-04-09
cpe:/a:imagemagick:imagemagick:5.5.6 ImageMagick 5.5.6
cpe:/a:imagemagick:imagemagick:5.3.8 ImageMagick 5.3.8
cpe:/a:imagemagick:imagemagick:5.4.7 ImageMagick 5.4.7
cpe:/a:imagemagick:imagemagick:5.5.3.2.1.2.0 ImageMagick 5.5.3.2.1.2.0
cpe:/a:imagemagick:imagemagick:5.5.4 ImageMagick 5.5.4
cpe:/a:imagemagick:imagemagick:5.4.3 ImageMagick 5.4.3
cpe:/a:imagemagick:imagemagick:5.4.8.2.1.1.0

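- OVAL (technical details for detection)

oval:org.mitre.oval:def:11022 ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag.
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.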

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0759
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0759
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200503-130
(Official data source) CNNVD

- Other links and resources

https://rhn.redhat.com/errata/RHSA-2005-070.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:070
http://www.securityfocus.com/bid/12875
(VENDOR_ADVISORY)  BID  12875
http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html
(VENDOR_ADVISORY)  SUSE  SUSE-SA:2005:017
http://www.debian.org/security/2005/dsa-702
(VENDOR_ADVISORY)  DEBIAN  DSA-702
http://securitytracker.com/id?1013550
(VENDOR_ADVISORY)  SECTRACK  1013550

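- Vulnerability information

ImageMagick denial-of-service vulnerability
Medium severity  Other
2005-03-23 00:00:00 2005-10-20 00:00:00
Remote
        Remote attackers can use a TIFF image with an invalid tag to cause a denial of service (application crash) in ImageMagick versions before 6.0.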

- Advisories and patches

        The vendor has released upgrade patches to fix this security issue. Patch download links:
        RedHat Fedora Core2
        Fedora ImageMagick-6.2.0.7-2.fc2.4.legacy.i386.rpm
        RedHat Fedora Core 2
        http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-6.2.0.7-2.fc2.4.legacy.i386.rpm
        Fedora ImageMagick-c++-6.2.0.7-2.fc2.4.legacy.i386.rpm
        RedHat Fedora Core 2
        http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-c++-6.2.0.7-2.fc2.4.legacy.i386.rpm
        Fedora ImageMagick-c++-devel-6.2.0.7-2.fc2.4.legacy.i386.rpm
        RedHat Fedora Core 2
        http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-c++-devel-6.2.0.7-2.fc2.4.legacy.i386.rpm
        Fedora ImageMagick-devel-6.2.0.7-2.fc2.4.legacy.i386.rpm
        RedHat Fedora Core 2
        http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-devel-6.2.0.7-2.fc2.4.legacy.i386.rpm
        Fedora ImageMagick-perl-6.2.0.7-2.fc2.4.legacy.i386.rpm
        RedHat Fedora Core 2
        http://download.fedoralegacy.org/fedora/2/updates/i386/ImageMagick-perl-6.2.0.7-2.fc2.4.legacy.i386.rpm
        RedHat Fedora Core1
        Fedora ImageMagick-5.5.6-13.legacy.i386.rpm
        RedHat Fedora Core 1
        http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-5.5.6-13.legacy.i386.rpm
        Fedora ImageMagick-c++-5.5.6-13.legacy.i386.rpm
        RedHat Fedora Core 1
        http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-c++-5.5.6-13.legacy.i386.rpm
        Fedora ImageMagick-c++-devel-5.5.6-13.legacy.i386.rpm
        RedHat Fedora Core 1
        http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-c++-devel-5.5.6-13.legacy.i386.rpm
        Fedora ImageMagick-devel-5.5.6-13.legacy.i386.rpm
        RedHat Fedora Core 1
        http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-devel-5.5.6-13.legacy.i386.rpm
        Fedora ImageMagick-perl-5.5.6-13.legacy.i386.rpm
        RedHat Fedora Core 1
        http://download.fedoralegacy.org/fedora/1/updates/i386/ImageMagick-perl-5.5.6-13.legacy.i386.rpm
        ImageMagick ImageMagick 5.3.3
        ImageMagick ImageMagick 6.0
        http://www.imagemagick.org/script/download.php?
        TurboLinux ImageMagick-5.3.3-5.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/ImageMagick-5.3.3-5.i586.rpm
        TurboLinux ImageMagick-5.3.3-5.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/ImageMagick-5.3.3-5.i586.rpm
        TurboLinux ImageMagick-devel-5.3.3-5.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/ImageMagick-devel-5.3.3-5.i586.rpm
        TurboLinux ImageMagick-devel-5.3.3-5.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/ImageMagick-devel-5.3.3-5.i586.rpm
        ImageMagick ImageMagick 5.3.8
        ImageMagick ImageMagick 6.0
        http://www.imagemagick.org/script/download.php?
        ImageMagick ImageMagick 5.4.3
        ImageMagick ImageMagick 6.0
        http://www.imagemagick.org/script/download.php?
        TurboLinux ImageMagick-5.4.3-4.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/ImageMagick-5.4.3-4.i586.rpm
        TurboLinux ImageMagick-devel-5.4.3-4.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/ImageMagick-devel-5.4.3-4.i586.rpm

- Vulnerability information (F36943)

dsa-702.txt (PacketStormID:F36943)
2005-04-14 00:00:00
 
advisory,vulnerability
linux,debian
CVE-2005-0397,CVE-2005-0759,CVE-2005-0760,CVE-2005-0762

Debian Security Advisory 702-1 - Several vulnerabilities have been discovered in ImageMagick, a commonly used image manipulation library. These problems can be exploited by a carefully crafted graphic image.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 702-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 1st, 2005                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : imagemagick
Vulnerability  : several
Problem-Type   : local (remote)
Debian-specific: no
CVE IDs        : CAN-2005-0397 CAN-2005-0759 CAN-2005-0760 CAN-2005-0762
BugTraq ID     : 12875
Debian Bug     : 297990

Several vulnerabilities have been discovered in ImageMagick, a
commonly used image manipulation library.  These problems can be
exploited by a carefully crafted graphic image.  The Common
Vulnerabilities and Exposures project identifies the following
problems:

CAN-2005-0397

    Tavis Ormandy discovered a format string vulnerability in the
    filename handling code which allows a remote attacker to cause a
    denial of service and possibly execute arbitrary code.

CAN-2005-0759

    Andrei Nigmatulin discovered a denial of service condition which
    can be caused by an invalid tag in a TIFF image.

CAN-2005-0760

    Andrei Nigmatulin discovered that the TIFF decoder is vulnerable
    to accessing memory out of bounds which will result in a
    segmentation fault.

CAN-2005-0762

    Andrei Nigmatulin discovered a buffer overflow in the SGI parser
    which allows a remote attacker to execute arbitrary code via a
    specially crafted SGI image file.

For the stable distribution (woody) these problems have been fixed in
version 5.4.4.5-1woody6.

For the unstable distribution (sid) these problems have been fixed in
version 6.0.6.2-2.2.

We recommend that you upgrade your imagemagick package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


    

- Vulnerability information

15111
ImageMagick TIFF Invalid Tag DoS
Denial of Service
Loss of Availability

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-03-17 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

ImageMagick TIFF Image Tag Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 12875
Yes No
2005-03-23 12:00:00 2013-03-05 05:04:00
Andrei Nigmatulin is credited with the discovery of this issue.

- Affected program versions

Xerox FreeFlow Print Server (FFPS) 73.C0.41
Xerox FreeFlow Print Server (FFPS) 73.B3.61
SGI ProPack 3.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
Red Hat Fedora Core2
Red Hat Fedora Core1
ImageMagick ImageMagick 5.5.7
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
ImageMagick ImageMagick 5.5.6 .0-20030409
+ OpenPKG OpenPKG Current
ImageMagick ImageMagick 5.5.6
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
ImageMagick ImageMagick 5.5.4
+ S.u.S.E. Linux Personal 8.2
ImageMagick ImageMagick 5.5.3 .2-1.2.0
+ OpenPKG OpenPKG 1.2
ImageMagick ImageMagick 5.4.8 .2-1.1.0
+ OpenPKG OpenPKG 1.1
ImageMagick ImageMagick 5.4.8
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
ImageMagick ImageMagick 5.4.7
+ Turbolinux Turbolinux Server 8.0
ImageMagick ImageMagick 5.4.4 .5
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
ImageMagick ImageMagick 5.4.3
+ Turbolinux Turbolinux Workstation 8.0
ImageMagick ImageMagick 5.3.8
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
ImageMagick ImageMagick 5.3.3
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 7.0
ImageMagick ImageMagick 6.2 .0.4
+ Gentoo Linux
ImageMagick ImageMagick 6.2
ImageMagick ImageMagick 6.1.8
+ Gentoo Linux
ImageMagick ImageMagick 6.1.7
ImageMagick ImageMagick 6.1.6
ImageMagick ImageMagick 6.1.5
ImageMagick ImageMagick 6.1.4
ImageMagick ImageMagick 6.1.3
ImageMagick ImageMagick 6.1.2
ImageMagick ImageMagick 6.1.1
ImageMagick ImageMagick 6.1
ImageMagick ImageMagick 6.0.8
ImageMagick ImageMagick 6.0.7
+ Red Hat Enterprise Linux AS 4
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux Desktop version 4
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
ImageMagick ImageMagick 6.0.6
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
ImageMagick ImageMagick 6.0.5
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
ImageMagick ImageMagick 6.0.4
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
ImageMagick ImageMagick 6.0.3
ImageMagick ImageMagick 6.0.2 .5
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
ImageMagick ImageMagick 6.0.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
ImageMagick ImageMagick 6.0.1
ImageMagick ImageMagick 6.0

- Unaffected program versions

ImageMagick ImageMagick 6.2 .0.4
+ Gentoo Linux
ImageMagick ImageMagick 6.2
ImageMagick ImageMagick 6.1.8
+ Gentoo Linux
ImageMagick ImageMagick 6.1.7
ImageMagick ImageMagick 6.1.6
ImageMagick ImageMagick 6.1.5
ImageMagick ImageMagick 6.1.4
ImageMagick ImageMagick 6.1.3
ImageMagick ImageMagick 6.1.2
ImageMagick ImageMagick 6.1.1
ImageMagick ImageMagick 6.1
ImageMagick ImageMagick 6.0.8
ImageMagick ImageMagick 6.0.7
+ Red Hat Enterprise Linux AS 4
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux Desktop version 4
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
ImageMagick ImageMagick 6.0.6
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
ImageMagick ImageMagick 6.0.5
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
ImageMagick ImageMagick 6.0.4
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
ImageMagick ImageMagick 6.0.3
ImageMagick ImageMagick 6.0.2 .5
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
ImageMagick ImageMagick 6.0.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
ImageMagick ImageMagick 6.0.1
ImageMagick ImageMagick 6.0

- Vulnerability discussion

A remote, client-side denial of service vulnerability affects ImageMagick. This issue is likely due to a failure of the application to handle malformed TIFF image files.

A remote attacker may leverage this issue to cause the affected application to crash, potentially causing a loss of data, and denying service to legitimate users.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

This issue was addressed in ImageMagick 6.0 and later.

TurboLinux has released advisory TLSA-2005-47 along with fixes dealing with this issue. Please see the referenced advisory for more information.

SGI has released an advisory 20050304-01-U including updated SGI ProPack 3 Service Pack 4 packages to address this issue. Please see the referenced advisory for more information.

SuSE Linux has released advisory SUSE-SA:2005:017 along with fixes dealing with this issue. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2005:070-16 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Debian has released advisory DSA 702-1 to address various issues in imagemagick. Please see the referenced advisory for more information.

MandrakeSoft has released advisory MDKSA-2005:065 to address various issues in ImageMagick. Please see the referenced advisory for more information.

RedHat Fedora Legacy has released security advisory FLSA:152777 addressing this issue for RedHat Linux 7.3 and 9.0, and for Fedora Core 1 and 2. Please see the referenced advisory for further information.


Red Hat Fedora Core2

Red Hat Fedora Core1

ImageMagick ImageMagick 5.3.3

ImageMagick ImageMagick 5.3.8

ImageMagick ImageMagick 5.4.3

ImageMagick ImageMagick 5.4.4 .5

ImageMagick ImageMagick 5.4.7

ImageMagick ImageMagick 5.4.8 .2-1.1.0

ImageMagick ImageMagick 5.4.8

ImageMagick ImageMagick 5.5.3 .2-1.2.0

ImageMagick ImageMagick 5.5.4

ImageMagick ImageMagick 5.5.6 .0-20030409

ImageMagick ImageMagick 5.5.6

ImageMagick ImageMagick 5.5.7

RedHat Linux 7.3 i686

RedHat Linux 7.3

RedHat Linux 7.3 i386

RedHat Linux 9.0 i386

- Related references
